ā10-03-2013 07:06 AM - edited ā02-21-2020 07:12 PM
I am trying to get a site to site vpn up and running:
All I am seeing is the following:
%ASA-5-750002: Local:x.x.x.x:500 Remote:x.x.x.x:500 Username:Unknown Received a IKE_INIT_SA request
%ASA-3-751002: Local:x.x.x.x:4500 Remote:x.x.x.x:4500 Username: x.x.x.x No pre-shared key or trustpoint configured for self in tunnel group x.x.x.x
%ASA-4-750003: Local:x.x.x.x:4500 Remote:x.x.x.x:4500 Username:x.x.x.x Negotiation aborted due to ERROR: Failed to locate an item in the database
ā10-03-2013 07:39 AM
Hi,
Do you have the following configurations
tunnel-group
tunnel-group
ikev1 pre-shared-key
Or depending on software it might be
tunnel-group
tunnel-group
pre-shared-key
- Jouni
ā10-03-2013 08:05 AM
tunnel-group x.x.x.x type ipsec-l2l
tunnel-group x.x.x.x general-attributes
default-group-policy GroupPolicy1
tunnel-group x.x.x.x ipsec-attributes
ikev1 pre-shared-key *****
isakmp keepalive disable
ā10-03-2013 08:16 AM
Hi,
Does the log messages IP address match exactly to the one in the "tunnel-group" configurations?
- Jouni
ā10-03-2013 08:37 AM
yes
ā06-09-2015 12:48 PM
Hello Guys,
I'm facing the same issue.
Here the tunnel-group is configured but it's like the ASA doesn't recgonize it.
Any help?
Regards.
ā06-10-2015 12:39 AM
Hi Allen,
Could you please share the logs that you are getting and the output of following commands from both the ASA's involved in building tunnel:
1. Show cry isa sa
2. show cry ipsec sa
3. show run tunnel-group
You can hide the ip address by using xx to saving it from unwanted people.
Once we have this information, I will be able to tell you where you are going wrong.
Thanks,
Vishnu
ā06-10-2015 12:11 PM
Hello Vishnu
hope you are doing fine.
First of all thank you very much for your answer.
The tunnel-group configuration related to this remote ip address is:
tunnel-group 104.41.xxx.xxx type ipsec-l2l
tunnel-group 104.41.xxx.xxx ipsec-attributes
ikev1 pre-shared-key *****
this remote ip address doesn't even show up in debugs or "show crypto ikev1..." or "show crypto ipsec sa" and etc.
I'm getting some messagen on the ASDM logging:
%ASA-5-750002
%ASA-3-751002
%ASA-4-750003
Looks like the ASA is completely ignoring these tunnel-group sentences, I removed then to do a test and the sympton is exactly the same without then.
ā06-11-2015 02:34 AM
Hi Allan,
I am not sure if you are using Ikev1 or Ikev2. Also the configuration that you have shared is from one side only. I need to see complete configuration from both the ends. Could you please share it here after hiding ip and group information.
We need it from both the sides to check if you are missing something on the ASA or not.
Thanks,
Vishnu
ā06-11-2015 12:50 PM
Hey Vishnu,
I'm using ikev1.
The other side is a problem, it's a VPN with Microsoft using Azure, kind of an autoconfigurable VPN that at the end generates a document containing the key and the protocols to be used (follow attached).
I configured the ASA using exactly these parameters, except by names, crypto map number and etc.
The strange thing is the ASA not even "seeing" the key we configured for the peer, it's like it's not even there.
Thanks again.
ā10-03-2013 10:35 AM
Is it possible for you to post complete debugs?
Because you get this error message if the IP that you are coming from there is no pre-shared key configured for it.
If you cannot paste teh debugs, double check the connection is not going to the dynamic map or the default l2l tunnel-group.
If you can paste the debugs and some portion of the crypto map configuration. It would help us to diagnose the issue better.
Thanks
Jeet Kumar
ā09-11-2017 11:40 AM
I know , This is an old post but do we have any resolution or root cause for this . Can somebody help please . I am also getting the same error when i am configuring a L2L VPN between Azure and ASA
ā10-07-2022 04:09 AM
any solution for this ?
i too have same error
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide